cbcvebase.
CVE-2020-12303
published 2020-11-12

CVE-2020-12303: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

Affected

8 ranges
VendorProductVersion rangeFixed in
intelconverged_security_and_manageability_engine< 11.8.8011.8.80
intelconverged_security_and_manageability_engine>= 11.12.0 < 11.12.8011.12.80
intelconverged_security_and_manageability_engine>= 11.22.0 < 11.22.8011.22.80
intelconverged_security_and_manageability_engine>= 12.0 < 12.0.7012.0.70
intelconverged_security_and_manageability_engine>= 14.0 < 14.0.4514.0.45
intelconverged_security_and_manageability_engine>= 14.5.0 < 14.5.2514.5.25
inteltrusted_execution_technology
inteltrusted_execution_technology